Nearly 20 years after Congress passed the Electronic Freedom of Information Act Amendments (E-FOIA), only 40 percent of
agencies have followed the law's instruction for systematic posting of records released through FOIA in their electronic reading rooms, according to a new
FOIA Audit released today by the National Security Archive at www.nsarchive.org to mark Sunshine Week.
The Archive team audited all federal agencies with Chief FOIA Officers as well as agency components that handle more than 500 FOIA requests a year — 165
federal offices in all — and found only 67 with online libraries populated with significant numbers of released FOIA documents and regularly updated.

Congress called on agencies to embrace disclosure and the digital era nearly two decades ago, with the passage of the 1996 "E-FOIA" amendments. The law
mandated that agencies post key sets of records online, provide citizens with detailed guidance on making FOIA requests, and use new information technology
to post online proactively records of significant public interest, including those already processed in response to FOIA requests and "likely to become the
subject of subsequent requests."
Congress believed then, and openness advocates know now, that this kind of proactive disclosure, publishing online the results of FOIA requests as well as
agency records that might be requested in the future, is the only tenable solution to FOIA backlogs and delays. Thus the National Security
Archive chose to focus on the e-reading rooms of agencies in its latest audit.
Even though the majority of federal agencies have not yet embraced proactive disclosure of their FOIA releases, the Archive E-FOIA Audit did find that some
real "E-Stars" exist within the federal government, serving as examples to lagging agencies that technology can be harnessed to create state-of-the art
FOIA platforms. Unfortunately, our audit also found "E-Delinquents" whose abysmal web performance recalls the teletype era.

E-Delinquents include the Office of Science and Technology Policy at the White House, which, despite being mandated to advise the President on technology
policy, does not embrace 21st century practices by posting any frequently requested records online. Another E-Delinquent, the Drug Enforcement
Administration, insults its website's viewers by claiming that it "does not maintain records appropriate for FOIA Library at this time."

The federal government has made some progress moving into the digital era. The National Security Archive's last E-FOIA Audit in 2007, " File Not Found," reported that only one in five federal agencies had put online all of the
specific requirements mentioned in the E-FOIA amendments, such as guidance on making requests, contact information, and processing regulations. The new
E-FOIA Audit finds the number of agencies that have checked those boxes is now much higher — 100 out of 165 — though many (66 in 165) have posted just the
bare minimum, especially when posting FOIA responses. An additional 33 agencies even now do not post these types of records at all, clearly thwarting the
law's intent.

"The presumption of openness requires the presumption of posting," said Archive director Tom Blanton. "For the new generation, if it's not online, it does not exist."
The National Security Archive has conducted fourteen FOIA Audits since 2002. Modeled after the California Sunshine Survey and subsequent state "FOI
Audits," the Archive's FOIA Audits use open-government laws to test whether or not agencies are obeying those same laws. Recommendations from previous
Archive FOIA Audits have led directly to laws and executive orders which have: set explicit customer service guidelines, mandated FOIA backlog reduction,
assigned individualized FOIA tracking numbers, forced agencies to report the average number of days needed to process requests, and revealed the (often
embarrassing) ages of the oldest pending FOIA requests. The surveys include:

Justice Department guidance undermines the statute.
Currently, the FOIA stipulates that documents "likely to become the subject of subsequent requests" must be posted by agencies somewhere in their
electronic reading rooms. The Department of Justice's Office of Information Policy defines these records as "frequently requested records… or those which have been
released three or more times to FOIA requesters." Of course, it is time-consuming for agencies to develop a system that keeps track of how often a record
has been released, which is in part why agencies rarely do so and are often in breach of the law. Troublingly, both the current House and Senate FOIA bills include language that codifies the instructions from the Department of
Justice.
The National Security Archive believes the addition of this "three or more times" language actually harms the intent of the Freedom of Information Act as
it will give agencies an easy excuse ("not requested three times yet!") not to proactively post documents that agency FOIA offices have already spent time,
money, and energy processing. We have formally suggested alternate language requiring that agencies generally post "all records, regardless of form or
format that have been released in response to a FOIA request."

Disabilities Compliance.
Despite the E-FOIA Act, many government agencies do not embrace the idea of posting their FOIA responses online. The most common reason agencies give is that it
is difficult to post documents in a format that complies with the Americans with Disabilities Act, also referred to as being "508 compliant," and the 1998
Amendments to the Rehabilitation Act that require federal agencies "to make their electronic and information technology (EIT) accessible to people with
disabilities."
E-Star agencies, however, have proven that 508 compliance is no barrier when the agency has a will to post. All documents posted on FOIAonline are 508
compliant, as are the documents posted by the Department of Defense and the Department of State. In fact, every document created electronically by the US
government after 1998 should already be 508 compliant. Even old paper records that are scanned to be processed through FOIA can be made 508 compliant with
just a few clicks in Adobe Acrobat, according to
this Department of Homeland Security guide
(essentially OCRing the text, and including information about where non-textual fields appear). Even if agencies are insistent it is too difficult to OCR
older documents that were scanned from paper, they cannot use that excuse with digital records.

Privacy.
Another commonly articulated concern about posting FOIA releases online is that doing so could inadvertently disclose private information from "first
person" FOIA requests. This is a valid concern, and this subset of FOIA requests should not be posted online. (The Justice Department identified "first party" requester rights in 1989. Essentially agencies cannot use
the b(6) privacy exemption to redact information if a person requests it for him or herself. An example of a "first person" FOIA would be a person's
request for his own immigration file.)
Cost and Waste of Resources.
There is also a belief that there is little public interest in the majority of FOIA requests processed, and hence it is a waste of resources to post them.
This thinking runs counter to the governing principle of the Freedom of Information Act: that government information belongs to US citizens, not US
agencies. As such, the reason that a person requests information is immaterial as the agency processes the request; the "interest factor" of a document
should also be immaterial when an agency is required to post it online.
Some think that posting FOIA releases online is not cost effective. In fact, the opposite is true. It's not cost effective to spend tens (or
hundreds) of person hours to search for, review, and redact FOIA requests only to mail it to the requester and have them slip it into their desk drawer and
forget about it. That is a waste of resources. The released document should be posted online for any interested party to utilize. This will only become
easier as FOIA processing systems evolve to automatically post the documents they track. The State Department earned its "E-Star" status demonstrating this
very principle, and spent no new funds and did not hire contractors to build its Electronic Reading Room, instead it built a self-sustaining platform that
will save the agency time and money going forward.